Meltdown and Spectre Vulnerabilities, and How You Can Spot Them

Two processor vulnerabilities are currently in the news. Here is a summary of the vulnerabilities and how customers may be affected, along with how Pinnacle’s threat hunting services detect and mitigate the risks from these exploits.

In a nutshell:

Meltdown allows a program to access the memory of other programs as well as the OS.

Spectre affects all processors, whereas Meltdown hits Intel and ARM processors.

Although these are new threats, current endpoint protections that perform memory anomaly scanning, like Cybereason or Cylance, may detect/prevent these memory exploits and feed our PeakPlus SECURE Platform with specifics.

The method of launching these attacks is similar to, if not exactly the same as, the landing page exploits used for ransomware or exploit kits. We would expect to see Spectre and Meltdown use the same common attack vectors. Examples would be alerts similar to those raised for landing page or phishing attacks.

Spectre Official CVE: CVE-2017-5753 and CVE-2017-5715

Meltdown Official CVE: CVE-2017-5754

These attack vectors can be mitigated by existing deployments of web proxies, firewalls, and IPS. Then, once patches for operating systems, web browsers, proprietary systems, security platforms, etc., are available, ensuring that the most up-to-date patches are deployed will be key to limiting access to the privileged memory.
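To confirm that operating-system patches have actually taken effect on a Linux endpoint, the kernel's own mitigation report can be read per CVE. The script below is an added example, not part of the original article or any Pinnacle tooling; it assumes a Linux host whose kernel exposes `/sys/devices/system/cpu/vulnerabilities`, and treats a missing entry as "unknown" because kernels that predate this interface do not report status.

```python
from pathlib import Path

# Linux sysfs directory where the kernel reports per-vulnerability status.
SYSFS_DIR = Path("/sys/devices/system/cpu/vulnerabilities")

# CVEs named in the article, mapped to the kernel's sysfs file names.
CVE_TO_SYSFS = {
    "CVE-2017-5753": "spectre_v1",
    "CVE-2017-5715": "spectre_v2",
    "CVE-2017-5754": "meltdown",
}


def classify(status):
    """Reduce a kernel status line to a single verdict."""
    if status is None:
        return "unknown"
    text = status.strip().lower()
    if text.startswith("not affected"):
        return "not_affected"
    if text.startswith("mitigation"):
        return "mitigated"
    if text.startswith("vulnerable"):
        return "vulnerable"
    return "unknown"


def audit(sysfs_dir=SYSFS_DIR):
    """Return {cve: (verdict, raw_status)} for the three CVEs."""
    results = {}
    for cve, name in CVE_TO_SYSFS.items():
        try:
            raw = (Path(sysfs_dir) / name).read_text().strip()
        except OSError:
            raw = None  # file absent: kernel does not expose a report
        results[cve] = (classify(raw), raw)
    return results


def needs_attention(results):
    """CVEs that are not confirmed as mitigated or not affected."""
    return sorted(cve for cve, (verdict, _) in results.items()
                  if verdict in ("vulnerable", "unknown"))


if __name__ == "__main__":
    report = audit()
    for cve, (verdict, raw) in sorted(report.items()):
        print(f"{cve}: {verdict} ({raw or 'no kernel report'})")
    raise SystemExit(1 if needs_attention(report) else 0)
```

The non-zero exit code when any CVE is vulnerable or unreported lets the script feed a patch-compliance check or scheduled job.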

Additional information on these vulnerabilities can be found at the following links: